Break-Glass Accounts Done Right: Securing Emergency Access in Microsoft Entra Emergencies happen every day. Most of the time, they happen to someone else.Until the day they happen to you - then what?We all know things can go wrong, but most organizations do not spend much time ...

Most break-glass accounts won’t work when they’re needed without testing, no monitoring or wrong design.

I wrote a practical guide on designing, securing and monitoring emergency access in Microsoft Entra 👇
www.chanceofsecurity.com/post/break-g...

#CyberSecurity #MicrosoftEntra #ZeroTrust #MVPBuzz

GitHub - Noble-Effeciency13/M365IdentityPosture: PowerShell security reporting framework for Microsoft 365 identity posture assessment. Analyzes Authentication Context, PIM, Conditional Access & more. PowerShell security reporting framework for Microsoft 365 identity posture assessment. Analyzes Authentication Context, PIM, Conditional Access & more. - Noble-Effeciency13/M365IdentityPosture

Built Access Package Documentor as part of the community-driven M365IdentityPosture PowerShell module

Visualizing Entitlement Management - incl. Catalogs -> resources

Built with Christian Frohn after great discussions in EMS Discord run by Jonas Bøgvad.

github.com/Noble-Effeci...

#M365 #MSEntra

How to Configure Inbound SMTP DANE & DNSSEC in Exchange Online We’re already sending emails securely, now it’s time to secure inbound email as well!Back in 2022, Microsoft enabled outbound SMTP DANE with DNSSEC for all Exchange Online customers, including MSA (ho...

Inbound SMTP still vulnerable to downgrade & MITM attacks?

Then read this post for configuring inbound DANE + DNSSEC to enforcing TLS encryption
Covers prereqs, DNS config, validation & testing.

www.chanceofsecurity.com/post/how-to-...

#ExchangeOnline #DNSSEC #DANE #EmailSecurity #Microsoft365

Modern Email Security Explained: From Sender Authentication to Transport Security Sending an email securely requires more moving parts than most people expect, you don’t notice when it works. You really notice when it doesn’t!Email is still one of the most critical, and most abused...

Email security isn’t magic, it’s layered building blocks.
This post breaks down these blocks, and shows how they work together to protect sender identity, DNS integrity, and SMTP transport.

🔗 chanceofsecurity.com/post/modern-...

#EmailSecurity #DMARC #DNSSEC #ExchangeOnline #MicrosoftSecurity #MS

GitHub - Noble-Effeciency13/PIMActivation: PIMActivation is a PowerShell module designed to streamline Microsoft Entra Privileged Identity Management (PIM) activations. It supports bulk role activatio... PIMActivation is a PowerShell module designed to streamline Microsoft Entra Privileged Identity Management (PIM) activations. It supports bulk role activations while dynamically adhering to the spe...

🚀 PIMActivation v2.0.0 is out!
Azure RBAC PIM activation is finally here, with faster role enumeration, bulk select, and support for custom Entra ID app registrations.
If you work with PIM daily, this update is worth it.

Check it out:
github.com/Noble-Effeci...

#Azure #EntraID #PIM #PowerShell

The Hidden Steps Microsoft Forgot to Document: Securing Azure App Service Authentication Behind Front Door with Private Link Today I want to walk through how to configure Azure App Service Authentication when your App Service sits behind Azure Front Door and is accessed through a Private Link.On a dreadful day in october 20...

Running Azure App Service behind Front Door + Private Link? Authentication probably “works on paper” but still breaks. I documented the missing steps Microsoft forgot. Forward proxy config included.
Full guide: www.chanceofsecurity.com/post/hidden-...
#Azure #AzureFrontDoor #CloudSecurity #MSEntra

Learn about Security Copilot inclusion in Microsoft 365 E5 subscription Learn about Security Copilot availability in Microsoft 365 (ME5)

This is crazy… Security Copilot coming to Microsoft 365 E5!

learn.microsoft.com/en-us/copilo...

Looking forward to what else comes out of this years #Microsoft #Ignite

Fast-Start Checklist for Microsoft Defender CSPM: From Enablement to Best Practices | Microsoft Community Hub When it comes to securing your multicloud environment, Microsoft Defender Cloud Security Posture Management offers a powerful suite of agentless...

Fast-Start Checklist for Microsoft Defender CSPM: From Enablement to Best Practices techcommunity.micros...

#MicrosoftDefender #DefenderforCloud #Security #MicrosoftSecurity #Cybersecurity #DefenderXDR #MicrosoftThreatIntelligence

Mastering Microsoft Entra Authentication Contexts - Part 4: Monitoring and Reporting with KQL & M365IdentityPosture We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365.Now it’s time to answer the next question - how do we monito...

The final part in my Entra Authentication Contexts series is out! Learn how to monitor & report with KQL and a new PowerShell module, M365IdentityPosture. Gain visibility, track usage and strengthen governance.

👉 www.chanceofsecurity.com/post/masteri...

#MSEntra #PowerShell #KQL #M365Security

Mastering Microsoft Entra Authentication Contexts - Part 3: Advanced Data Protection With identities and access strengthened in part 2, it’s time to turn our focus to real-world data protection with Authentication Contexts.One of the more underused capabilities of Authentication Conte...

Securing data isn’t just about access, it’s about context.

In Part 3 of my Authentication Contexts series, I dive into real-world data protection with MDCA, SharePoint, and Sensitivity Labels.

Read the post:

www.chanceofsecurity.com/post/masteri...

#MSEntra #DataProtection #ZeroTrust

Mastering Microsoft Entra Authentication Contexts – Part 2: Real-World Access & Action Controls In Part 1 of this mini-series, we explored the what, why, and how of Microsoft Entra Authentication Contexts, laying the foundation for what they are and how they work. In this second part, we’ll buil...

Part 2 of my series on Microsoft Entra Authentication Context is live! 🚀Diving into real-world access & action scenarios with Practical configs, best practices & CA policy examples included. www.chanceofsecurity.com/post/masteri...

#MicrosoftEntra #ConditionalAccess #CloudSecurity #MSEntra

Currently attending an identity management session by @mortenknudsen.net @ #IdentitySummit - so far we’ve gone over common “problems” that Morten often encounters, and so far i’ve simply been notting agreeingly for everything!

It’s kind of scary that the same issues keeps popping up!

Mastering Microsoft Entra Authentication Contexts – Part 1: What They Are, Why They Matter, and How to Use Them Over my last few posts, I’ve casually mentioned Authentication Context a few times, so I thought it was about time we gave the feature a proper spotlight.Within Microsoft Entra, we sometimes encounter...

Conditional Access: great for wide nets 🎣 …less so for scalpel work.

Enter Authentication Contexts — Entra’s hidden gem for precision access control, across Entra, Defender & Purview.

Dive into Part 1 of my guide:
👉 www.chanceofsecurity.com/post/masteri...

#MicrosoftEntra #CyberSecurity #MSEntra

PIMActivation: The Ultimate Tool for Microsoft Entra PIM Bulk Role Activation Getting annoyed or impatient when activating eligible roles in PIM — especially multiple roles at once? You’re not alone. Today, I’m sharing a solution to take the pain out of the process.Whenever I t...

🚀 New PowerShell tool just dropped: PIMActivation

Activate Microsoft Entra PIM roles (single or bulk) with a GUI and support for all requirements including Auth Contexts!

👉 www.chanceofsecurity.com/post/microso...

#PowerShell #Entra #PIM #ITAdminTools #MSEntra #MSIntune

RMAUs in Microsoft Entra let you delegate access without over-permissioning—even Global Admins are blocked unless scoped. Learn how to set them up, use them with PIM, and apply them to real-world scenarios, in my newest post!

🔗 bit.ly/4mVvypu

#MicrosoftEntra #ZeroTrust #IdentitySecurity #EntraID

Securing Microsoft Business Premium Part 05: Efficient Identity Management for External Users with Microsoft Entra Managing external users is one of the most tedious—but also critical—challenges in a Microsoft Business Premium environment.With authentication, authorization, and password security covered in earlier...

Part 05 of my Securing Microsoft Business Premium series is here!
This post covers external identity management: guest vs member users, cross-tenant access, user flows & more.
🔗 www.chanceofsecurity.com/post/securin...
#Microsoft365 #IAM #EntraID #MSIntune #MSEntra #CloudSecurity

Go With the Flow: Mastering Microsoft Entra User Flows—Self-Service Sign-Up in a Workforce tenant Managing new guest accounts can be a daunting task—especially when you’re dealing with high turnover, distributed teams, or unknown user lists. Today, I’ll show you how Microsoft Entra User Flows, oth...

New blog drop: Master guest onboarding with Microsoft Entra User Flows—automate access, leverage IdPs, and boost your security game. Simplify collaboration without losing control!

Check it out here → www.chanceofsecurity.com/post/go-with...

#MicrosoftEntra #Azure #IAM #CloudSecurity
#Microsoft

Securing Microsoft Business Premium Part 04: Passwords Unlocked – Mastering Self-Service Password Reset and Password Protection With authentication & authorization covered in the previous posts of the series, it's now time to dive into strengthening our password policies, empowering end-users, and enhancing overall password se...

🚨 New blog post!
Dive into Microsoft Password Protection—from SSPR setup to banned passwords and hybrid deployment.
Learn how to lock down your identity perimeter.
Read the post here:
www.chanceofsecurity.com/post/securin...

#PasswordSecurity #CyberSecurity #HybridIdentity #SSPR #MSIntune #MSEntra

Securing Microsoft Business Premium Part 03: Authorization Best Practices from Zero Trust to Complete Access Control In Part 02, we explored authentication, the process of verifying user identities—ensuring users are who they claim to be. Today we’ll build on that by diving into authorization—the process of determin...

Securing Microsoft Business Premium involves more than authentication. 🔑
Learn how Zero Trust & Conditional Access policies can protect your organization from risks.
www.chanceofsecurity.com/post/securin...

#MicrosoftSecurity #ZeroTrust #Authorization #ConditionalAccess #MSEntra #MSIntune

Countdown to #ELDK2025 with a cup of coffee in hand. Looking forward to a great conference!

Will see you there Dan :)

God Mode with a Timer: Using Logic Apps to Restrict Elevated Access in Entra In my last post I covered how to monitor the GOD Mode in Azure (Coined by the great John Savill). While visibility and monitoring are great capabilities, there’s a big issue: the permanent nature of t...

🚀 New post: God Mode with a Timer – Restricting Elevated Access in Entra with Logic Apps 🔐
Automate access removal & enforce Zero Trust with Logic Apps + Automation Account!
Read more 👉 chanceofsecurity.com/post/restric...
#MicrosoftEntra #AzureSecurity #IAM #ZeroTrust #CloudSecurity

New — Edward "Big Balls" Coristine of DOGE now has digital access to the Cybersecurity and Infrastructure Security Agency (CISA), an agency source has confirmed to me.

Unlocking Microsoft Entra’s Elevated Access Logs: Better Security, Better Insights Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned subscriptions. However, with no built-in restrictions on when o...

🚀 New Blog Post! Unlock Microsoft Entra’s Elevated Access Logs for better security & insights! 🔐 Learn how to monitor & manage this powerful tool to prevent security risks!

🔗 Read more: www.chanceofsecurity.com/post/microso...

#MicrosoftEntra #AzureSecurity #CloudSecurity #IAM #MSEntra #MSIntune

Securing Microsoft Business Premium Part 02: Your Authentication is Broken—Here’s How to Fix It In the first part of this series, we laid the foundation for securing Microsoft Business Premium environments, covering the core security principles and configurations. Now, we shift our focus to auth...

🚨 Phishing, AiTM, and weak passwords are putting your org at risk. In Part 2 of my Microsoft Business Premium security series, I break down how to fix it before it’s too late. 🔐

🔗 www.chanceofsecurity.com/post/securin...

#CyberSecurity #Microsoft #Authentication #ZeroTrust

Anyone else got issues with registering #Passkey in #Microsoft Authenticator on unmanaged iOS & Android devices if you enforce Compliance in #ConditionalAccess?

#MSEntra

Your Microsoft Entra Tenant Isn’t as Secure as You Think – Fix It with Protected Actions! Protecting highly critical configurations in our Entra tenants has never been easier! Join me as we explore Protected Actions in Microsoft Entra and how they help us lock down security-sensitive opera...

Your Microsoft Entra Tenant Isn’t as Secure as You Think – Fix It with Protected Actions!

Protect your most critical configurations with #MSEntra Protected Actions.

🔗 Read more: chanceofsecurity.com/post/microso...

#CyberSecurity #IAM #ZeroTrust #MSIntune #MSEntra

Securing Microsoft Business Premium Part 01: Laying the Foundation Today kicks off a comprehensive blog series where I’ll delve into the security features of the Business Premium license SKU, offering detailed step-by-step guidance and best practices.In this first in...

🚀 Just launched the first part of my new series: Securing Microsoft Business Premium!
Learn foundational tips to secure your SMB with step-by-step guidance on Entra, Defender, and more. Start your security journey today!
www.chanceofsecurity.com/post/securin...

#Microsoft #MSEntra #Cybersecurity

Mastering Plus Addressing in Microsoft: Simplify Email Management Managing emails for unlicensed admin accounts? Juggling a shared mailbox flooded with notifications from services and clients? Today’s solution: Plus addressing!In the world of IT administration, jugg...

Unlock the power of Plus Addressing in #Microsoft! 📧
Manage emails sent to unlicensed admin accounts and enable easier management when receiving mails from multiple sources!
Check out my latest guide on this feature: www.chanceofsecurity.com/post/masteri...

#EmailManagement #TechTips #Productivity

Neo and Trinity making love in a bed that looks like a pizza oven

I’ve never watched Matrix Reloaded I didn’t know Trinity and Neo have sex in a pizza oven